I'm trying to set up my OpenWRT router in the second house on the same subnet as the rest of the network but with its own DHCP, so when clients are connected to networks in the second house they get a DHCP lease from OpenWRT.
Basically my setup is Starlink at Main house and have wireless ptp link to 2nd house and workshop. ptp connects to OpenWRT router via WAN. I would ideally like it to still be part of the main network in the house, can access stuff in main house lan and same with second house lan and workshop etc
The issue is the DHCP. I still want it to act as a router in the second house and not a dumb access point. If I set up this router to be 192.168.1.3 and the main Starlink router is 192.168.1.1, this works and I have all access, but the clients connected to OpenWRT don't get a DHCP lease, so I can't set them as static or see their host names, IPs etc.; they just show up with a question mark. I have moved the DHCP range to prevent conflicts with the Starlink DHCP server. I have also told the OpenWRT LAN to use 192.168.1.3 as DNS server and no gateway. I have then forwarded the DNS requests to 192.168.1.1. But the OpenWRT clients are still using 192.168.1.1 as their DNS.
If I change to a completely different subnet (192.168.10.0/24) the DHCP works correctly and I can still access the 192.168.1.1 network, but I can't reach my 192.168.10.0/24 from the 192.168.1.0/24 network. I ideally want it all to be on the same network so casting and auto discovery and server stuff still work.
I have a work lab in the workshop where I have dev PLCs and devices always connected to network and would like to access these from my office in second house for when I need to test PLC programs/software on the physical devices.
On the OpenWRT I will also be setting up VLANs for IOT/smarthome devices and Guest network etc, my focus is to get the main network working correctly.
What you're asking for cannot be done for several reasons:
You can only have a single DHCP server on a subnet. If you attempt to use a single subnet and have multiple DHCP servers, it will cause a conflict.
If you connect the upstream LAN (192.168.1.0/24) to the OpenWrt WAN, the OpenWrt LAN must be a different subnet since you are now in a routing regime. A router can never have two or more networks that have the same or overlapping subnets because it creates routing ambiguity (to use a simple example: you are carrying a package that you must deliver to John (that's all the info you have)... you walk into a room and find that there are two people named John... who do you give it to??)
So, a few questions:
What is your goal here? It sounds like you want all 3 buildings to have a single contiguous network -- but what is the reasoning here?
Why not just use the OpenWrt routers in the 2 secondary locations as dumb APs?
Or... Why do you not want the buildings to be on separate networks?
Other than the internet, do you need to be able to share files/resources between buildings?
Is the wireless PTP network connection effectively transparent? (a way to test this: connect a regular computer to the PTP link at the second house -- does it get a DHCP lease and normal network connectivity from the Starlink router in the main house?)
Does the starlink router have the ability to add user-specified static routes?
EDIT: re-reading the OP, it looks like the issue that is making the dumb AP less attractive is the "?" in the wifi client ID field? There are some workarounds for this, but typically this is for an all-OpenWrt network.
And it does appear that there are resources to be shared across all three buildings, especially for casting and auto-discovery... there is the idea of an MDNS repeater/reflector that can help here if you have multiple networks. But you'd also need to have static routes on the main router for this to work properly.
If you do want the single spanning network, we may be able to bridge your house2 P2P link with anything else you want in the main network: would need to change OpenWrt LAN subnet, and change OpenWrt bridge so that P2P is bridged untagged with your other trusted devices (example: lan2, lan3, wifi trusted). Then create extra networks on the OpenWrt device for your untrusted IoT devices (lan4, wifi untrusted), and use firewall to forward from OpenWrt house1 IP to untrusted IPs (or NAT if you cannot create route at the StarLink router)
Yes, as I have a homelab server in the workshop and I want to access that from both houses. Also in the workshop are my electronics and PLCs (programmable logic controllers), which get programmed over the network during development. I also have a few IOT devices in the shed monitoring machines and water pump etc., so I need local LAN access to all these devices and vice versa.
The main reason in the second house is I will have a bunch of IOT/Smarthome devices, and if it's a dumb AP I can't use an IP scanner to keep track of host names and their IPs, or set them as static in the DHCP lease, or access devices via host name etc.
They can be on separate networks if I can have access to all the different subnets ( can be done with OpenWRT ) but not with starlink router or workshop router.
Yes will be sharing resources across the network, in the process of building another homelab server for in the second house that will run Home Assistant, NextCloud/NAS etc Would like to access this from Workshop and main house also
Yes, I have set up both PTP links to be fully transparent (they are set up with static IPs on the main network), and yes, I can plug a PC directly in and get a DHCP lease from Starlink.
This is the problem with the Starlink router: you can't change anything but the DNS servers. It's hopeless and definitely can't do static routes.
Edit: I have considered buying some more routers that can be flashed with OpenWRT to be at all locations. If I was to do this and the other 2x as dumb AP, will host names work across the whole network?
My biggest issue is hostnames. I use host names for basically everything and all my configs and server stuff etc., as it's easy to keep track of and doesn't matter if IPs change, as DNS will resolve the IP to the hostname etc.
^^^ Yes, this would be a viable option. With OpenWrt running behind the Starlink router at the main house, and then OpenWrt dumb APs at the other locations, you have a lot of flexibility and capability there.
If your Starlink router's DHCP server can be disabled, you could set up two dumb APs, but on one of them you could run the DHCP server with DHCP reservations so that hostnames and IP addresses remain in lock-step. In fact, you could use any DHCP server (such as a PiHole or other) in your network if you can simply disable the one on the Starlink system.
They would probably still show up as "?", but there is a workaround (such as this) for this with OpenWrt on both the DHCP server and the dumb AP.
Yeah... sounds like it. Seems like any router would be better than the Starlink one. My knowledge of their device is minimal -- just a few things I've seen in YouTube videos and such. But there are some good ones that describe using Starlink as an uplink to a more sophisticated network architecture (better routers, etc.).
Back to the hostnames thing... it's important to differentiate between "?"'s showing up in the wifi clients list vs the actual IPs/hostnames of those devices. Hostnames not showing up in the AP doesn't have any consequence except for the fact that you can't easily identify which devices are connected to the AP. But the actual IP addresses and the relationship with the hostnames doesn't change as a function of the AP association, as it is all handled by the DHCP and DNS server.
So, when I consider your situation, your main router, regardless of the firmware on it, just needs to be able to assign DHCP reservations and associate the hostname within the DNS server. As long as that is working, your network addressing (by IP and/or hostname) will work regardless of the AP that happens to be used (this is assuming the use of dumb AP configuration in the other buildings and a better router in the main house).
I had a read through all that and it seems quite hacky in order to achieve it. Would this allow the hostname to be set as a static DHCP lease from the second router? Or would I have to do this from the main router?
Just a thought, If you had on main router DHCP lease from 50 - 150 and second router set 151-200 and third router set 201-255 would that work without creating conflicts? You have 3x servers in different IP ranges?
I would expect this to work in my current configuration... but hostnames don't. For example, I have an RPI webserver connected to the Starlink router and the RPI host name is pi. If I'm connected directly to the Starlink router I can access the webserver via http://pi, but if I connect to the workshop or second house that hostname doesn't work, but I can still access the webserver using the RPI IP address, e.g. http://192.168.1.56 (Note: I set up an RPI with a webserver to test my network access at different points including the PtP links etc.)
I'm trying to set up my Guest Network on OpenWRT, which I have working. I can't access the OpenWRT web interface nor access anything on the main LAN, which is good. The only issue... is the guest can still see everything and access everything on my WAN network. How do I block this in the firewall? I change the
Allow forward to destination zones:
So there is no WAN and change WAN to
Allow forward from source zones :
I no longer get internet on the Guest network
I'm hoping to have the guest network completely Isolated and only internet access
FWIW I’ve 3 nodes in my network used as dumb APs. I have odhcp and dnsmasq turned off on these. In order for the device name to show in the wifi clients instead of a ‘?’, I still go to the DHCP/DNS tab in LuCI, then to the Static Leases tab, and I add leases without IP addresses and with names for each device's MAC address (or ssh via CLI and use the vi editor and copy/paste my client list into the appropriate config file).
All leases need to come from the DHCP server, wherever that resides. DNS is often integrated into the services offered by DHCP servers (dnsmasq does both DNS and DHCP, for example). You would need to be able to control some of the parameters such as DHCP reservations and/or DNS features for it to work, of course... OpenWrt can do this, so can PiHole. But if Starlink can't, you may be out of luck (I'm guessing if you can't turn off the DHCP server, you probably also can't set DHCP option 6 which allows for an alternate DNS server to be specified).
Nope... can't do that. It will cause a conflict -- there is no way for one DHCP server to know which clients it is supposed to respond to as compared to another. That's why you can only have a single DHCP server on your network (unless you have a very high end enterprise type system which can accommodate round robin or backup DHCP servers... but that's another category entirely).
That is because your workshop or 2nd house is running another layer of NAT masquerading and has a separate subnet. More than likely, the name resolution of just http://pi is coming from mdns, not your starlink DNS services.
You'll make a rule that drops or rejects all protocols from source zone lan to 192.168.1.0/24 on destination zone wan.
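The rule described above, written out as an `/etc/config/firewall` fragment for the guest case asked about earlier in the thread. This is an added example, not configuration posted by anyone in the thread; it assumes the guest interface and zone are both named `guest` (substitute `lan` if that is the source zone you are restricting) and that 192.168.1.0/24 is the upstream Starlink-side LAN reached through the OpenWrt WAN port.

```conf
# /etc/config/firewall (fragment)
# Assumption: interface and zone are both named 'guest'.

config zone
	option name 'guest'
	list network 'guest'
	option input 'REJECT'      # guests cannot reach the router itself (LuCI, SSH)
	option output 'ACCEPT'
	option forward 'REJECT'

# Keep the guest -> wan forwarding. Removing it is what takes internet
# access away from the guest network.
config forwarding
	option src 'guest'
	option dest 'wan'

# input is REJECT, so DHCP and DNS served by the router need explicit allows.
config rule
	option name 'Guest-DHCP'
	option src 'guest'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Guest-DNS'
	option src 'guest'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# Rules are evaluated before the zone forwarding above, so this rejects
# traffic to the upstream private subnet while everything else going out
# the WAN port (the internet) is still forwarded.
config rule
	option name 'Guest-block-upstream-LAN'
	option src 'guest'
	option dest 'wan'
	option dest_ip '192.168.1.0/24'
	option proto 'all'
	option target 'REJECT'
```

Because 192.168.1.1 falls inside the rejected range, guest clients must use the OpenWrt router as their DNS server (the default handed out by its DHCP), not the Starlink router directly. Apply the change with `service firewall restart`.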
Thanks for all the explanations, have learnt a lot and have far better understanding now. Still lots to learn and about OpenWRT but it's been awesome so far! A lot easier than RouterOS.
Would you have an example/pic of firewall wall in Luci, still getting my head around the firewalls etc have watched a few vids on it
I have thought of another idea to get the IOT devices in the workshop and the second house. I have currently set up a VLAN network for my IOT devices, to which I have just connected a few devices to test. So far so good: my Home Assistant is in the 192.168.10.0/24 subnet and my IOT VLAN in 192.168.40.0/24, and I have set up firewall rules and HA can see my devices on the IOT VLAN network.
If my other router in the workshop is OpenWRT, could I just use a tagged VLAN in order to be part of my IOT VLAN in my second house? Then I can see and access workshop IOT devices from the second house?
I have one weird issue... I have a test instance of Home Assistant running in a virtual machine (VMware) for doing all my tests and not stuffing up my main HA. I have set a static lease for HA. When I put my PC to sleep and wake it up again, HA is no longer seen by OpenWRT or the DHCP lease. I can still access HA via the IP address but no longer by the hostname (all my devices use MQTT and hostnames, so quite important). If I reboot the virtual machine it shows up again in OpenWRT and I can once again use my hostname and all my devices connect to HA.
My VM network settings are just bridged to the main interface. I have had a play around in the VM network settings but can't find anything, and done a bit of a search but no help. It's obviously still connected to the network since the same IP is available and can be used; it's just losing the DHCP lease, which means I can no longer use the hostname.
What is currently being used as the DHCP server? And what about the DNS server? (is this now all running behind an OpenWrt router in the main house, with the WAN of that OpenWrt router connected to Starlink)?
I have taken the main house and workshop out of the equation at the moment until I upgrade them to OpenWRT. I have just put the second house on a new subnet in the OpenWRT router ( 192.168.10.0/24 ) So the router is being used as a router and just using WAN port for Internet access. The DHCP and DNS server is the OpenWRT router, no other DHCP or DNS server on this network.
More than likely, this is an mdns based hostname, so the problem is not the OpenWRT side of the equation, but rather the VM (and/or its host system) that you're working with for HA.
You can set a DHCP reservation and then also include a DNS record for it... the default domain that is used on OpenWrt is ".lan", so it would be "homeassistant.lan", but you could also use a real domain name that you own (in my networks, I use a dynamic dns service and I have a free domain name that they offer... I then have a subdomain, and within the subdomains, I have further subdomains internally...
so if the free ddns domain name is 'myfreedns.com' (just making this up), then I create a dynamic dns subdomain under their free domain that is 'myname.myfreedns.com' and this resolves to my wan IP.
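The DHCP reservation with a DNS record described above, together with the name-only entries mentioned earlier in the thread for dumb APs, written as `/etc/config/dhcp` entries. This is an added example, not configuration posted in the thread; the MAC addresses and the address 192.168.10.20 are constructed placeholders, and the hostnames `homeassistant` and `pi` are taken from the posts.

```conf
# /etc/config/dhcp (fragment) on the OpenWrt router acting as the only
# DHCP and DNS server. With the default local domain 'lan', the entry
# below resolves as both 'homeassistant' and 'homeassistant.lan'.

config host
	option name 'homeassistant'
	option mac '02:00:00:00:00:10'    # constructed placeholder
	option ip '192.168.10.20'         # constructed, inside 192.168.10.0/24
	option dns '1'                    # also add static forward/reverse DNS
	                                  # entries, independent of an active lease

# /etc/config/dhcp (fragment) on a dumb AP, following the workaround in
# the earlier post: a name and MAC with no IP. The AP hands out no
# leases; the entry only labels the client in the AP's wifi client list.

config host
	option name 'pi'
	option mac '02:00:00:00:00:56'    # constructed placeholder
```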